37 matches found
Exploit for Command Injection in Sophos Web_Appliance
Dork fofa title="Sophos Web Appliance" || app="Sophos-W...
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 Carbon Server CVE-2022-29464 Pre-auth RCE bug CVE-2022-2...
Exploit for Code Injection in Moodle
CVE-2021-36394-Pre-Auth-RCE-in-Moodle Vulnerability Introd...
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 Carbon Server CVE-2022-29464 Pre-auth R...
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 Carbon Server CVE-2022-29464 Pre-auth R...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluen...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 CVE-2021-26084 - Confluence Pre-Auth RCE | O...
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM. Impact An unauthenticated, 3rd-party attacker or adversary can execute remote code Supporting Material/References - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 System...
Authorization
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue...
FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS
Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities found in FiberHome HG6245D routers" is posted here: https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html === text-version of the advisory =...
Researcher Publishes Patch Bypass for vBulletin 0-Day
A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-bas...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...
Exploit for Incorrect Authorization in Qnap Photo_Station
QNAP Pre-Auth Root RCE CVE-2019-7192 CVE-2019-7195 Checker...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory ===...
Exploit for Code Injection in Vbulletin
PoC exploit for CVE-2019-16759, an RCE vulnerability in vBulleti...
X (Formerly Twitter): Potential pre-auth RCE on Twitter VPN
Hi, weOrange Tsai and Meh Chang are the security research team from DEVCORE. Recently, we are doing a research about SSL VPN security, and found several critical vulnerabilities on Pulse Secure SSL VPN! We have reported to vendor and patches have been released on 2019/4/25. Since that, we keep...